RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
Thanks makes sense and works well using require ldap-filter -Tony > -Original Message- > From: Eric Covener [mailto:cove...@gmail.com] > Sent: Friday, October 02, 2009 3:38 PM > To: users@httpd.apache.org > Subject: Re: [us...@httpd] group authori

Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Eric Covener
> AuthLDAPGroupAttribute memberOf > > require ldap-group CN=mygroup,OU=GroupStuff,OU=Company > Groups,DC=dev,DC=company,DC=com > > My LDAP entry (using the URL above) looks like this: > dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com > >               objectClass: top >          

RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
uire valid-user" and "require ldap-filter" work fine either way). -Tony > -Original Message- > From: Tony Rice (trice) > Sent: Friday, October 02, 2009 1:52 PM > To: users@httpd.apache.org > Subject: RE: [us...@httpd] group authorization via LDAP > > I&

RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
I'm able to do LDAP based group authorization when specify the group info as a filter in the LDAP URL but I'd like to configure a more generic LDAP string in the apache config and allow users to control access by group membership using .htaccess files. I'm able to authenticate based on userid/pass

Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 8:38 AM, Marc Patermann wrote: > Hi, > > Tom Evans schrieb: >> >> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote: > >> This is how we do it: >> [...] >> AuthzLDAPAuthoritative "On" >> Require valid-user >> Require ldap-group cn=Department,ou=Groups,o=Company > >

Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 10:36 AM, Tony Rice (trice) wrote: > Is our only choice changing all the .htaccess files with "require group > " to "require ldap-group cn=,ou=some long ldap > string" in order to make the switch group authorization via LDAP groups? Yes. -- Eric Covener cove...@gmail.com

RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
lemail.com] > Sent: Friday, October 02, 2009 4:36 AM > To: users@httpd.apache.org > Subject: Re: [us...@httpd] group authorization via LDAP > > On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote: > > I'm trying to convert from DBM file based authentication an

Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Marc Patermann
Hi, Tom Evans schrieb: On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote: This is how we do it: [...] AuthzLDAPAuthoritative "On" Require valid-user Require ldap-group cn=Department,ou=Groups,o=Company Does this work? When I read the docs: "Require valid-user If this directive exist

Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tom Evans
On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote: > I'm trying to convert from DBM file based authentication and > authorization to LDAP based authentication and authorization in Apache > 2.2.11. > > We've already got a large number of .htaccess files with specific > configs for individu